IN11-507: Canadian CCIRC Vulnerability Note

The Canadian Cyber Incident Response Centre (CCIRC) Information Note IN11-507 on Cyber Threats and Vulnerabilities Against SCADA Systems summarizes hundreds of pages of security bulletins into a succinct document.

This note covers 9 important vulnerabilities.

CCIRC IN11-507 (PDF version - 37 kb) (Updated July 4, 2011) No distribution permitted – see details below.

CCIRC IN11-507 (text version - 22 kb) (Updated July 4, 2011) No distribution permitted – see details below.

Vulnerabilities particular to this update:

  1. Azeotech DAQFactory Networking Vulnerabilities
  2. Rockwell Factorytalk Diagnostic Viewer Memory Corruption Vulnerability
  3. Rockwell Automation RSLinx Classic EDS Hardware Installation Tool Buffer Overflow [1] – updated
  4. Siemens SIMATIC WINCC Exploitable Crashes

Vulnerabilities covered in the original IN11-507 note:

  1. Ecava IntegraXor XSS
  2. Ecava IntegraXor DLL Hijacking
  3. 7-Technologies IGSS Denial of Service
  4. Samsung Data Management Server
  5. Siemens Simatic S7-1200 PLC Vulnerabilities
  6. Rockwell Automation RSLinx Classic EDS Hardware Installation Tool Buffer Overflow [1]
  7. Progea Movicon TCPUploaderServer
  8. Heap Overflow Vulnerabilities in Sunway ForceControl and pNetPower
  9. InduSoft IsSymbol ActiveX Control Buffer Overflows

[1] Operators of SCADA and ICS systems should pay particular attention to this vulnerability. The Rockwell Automation RSLinx Classic EDS Hardware Installation Tool Buffer Overflow is often integrated into other ICS vendors' installation packages to assist in inter-vendor equipment integration. If a control system has any integrated Rockwell components (even if they play a minor role), then the operator needs to check for the existence of the software and patch it if found.

No distribution permitted

You are accessing this document because you are a bona fide ICS or SCADA security professional. Do not redistribute this information or post it on the internet.

If you know someone who would like this document, please send them the link to register for this website to obtain access: http://www.tofinosecurity.com/user/register
(You cannot go to this link if you are logged into this website. The link works for people who are not logged in.)

Related Links

"Digging for Facts on the Siemens S7-1200 PLC Security Vulnerabilities, Part 1/3" - In this blog article, Eric Byres explains which Siemens products are affected.

"Siemens S7-1200 PLC Security Vulnerabilities, Part 2/3" - In this blog article, Eric Byres explains what the PLC security vulnerabilities mean for the SCADA and ICS industry as a whole.

"Protecting Siemens S7-1200 PLCs against Security Vulnerabilities, Part 3/3" - In this blog article, Eric Byres explains what the PLC security vulnerabilities mean for SCADA / ICS professionals.

"More SCADA Security Threats: Where There's Smoke, There's Fire" - This blog article discusses how, once a vulnerability is identified, it is often easy to find more.

"The Italian Job – Multiple SCADA/ICS Vulnerabilities Go Public" - In this blog article, Eric Byres gives his perspective and concerns about the multiple vulnerabilities released by Luigi Auriemma, an Italian researcher.

ISSSource.com, June 9, 2011
Siemens PLC Security Vulnerabilities

ISSSource.com, March 23, 2011
More SCADA Vulnerabilities Found